Sunday, August 07, 2016

This assumes that you already have a running Ubuntu server with Apache installed. To install basic security in Ubuntu, see Basic Security Installs for Ubuntu. This instructions was extracted from here.

1. Update the package index on your server

sudo apt-get update

2. Install the package

sudo apt-get install mysql-server

3. Run the included security script. This changes some of the less secure default options for things like remote root logins and sample users.

sudo mysql_secure_installation

4. If you're using a version of MySQL earlier than 5.7.6, you should initialize the data directory by running command below.

Note: It's not a good and safe practice to put production config values in the repo.
A good way is to ignore config files (*.yml) using git so it don't get save in the repo,
then just manually create this files, with the correct values, in the production server.

Set Global ServerName to Suppress Syntax Warnings: "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message"

Monday, January 04, 2016

The original idea of this post was taken from My First 5 Minutes On A Server; Or, Essential Security for Linux Servers. As I build my server, I follow it but some of it's recommendation does not fit my requirements (ex: connecting via SSH only on certains IPs, which locked me out on several occasions). This post is my own "concoction". This assumes that you already have a fresh server running with only root as user.

Change deploy user's login shell with the 'chsh' command. This will make sure that deploy user will have a more interactive shell.

sudo chsh -s /bin/bash deploy

Require public key authentication for logging in

vim /home/deploy/.ssh/authorized_keys

Copy and paste the contents of the id_rsa.pub on your local machine and any other public keys that you want to have access to this server to the /home/deploy/.ssh/authorized_keys file. Save and close the file.